Hello! Just a quick post today, since I’m busy working with the next release of FreeFixer. Did you see a file, such as FlashPlayer_6741_i1375671586_il280.exe, on your system signed by DOZ-DEKORUM LLC? Then read on..
Typically you’d see the DOZ-DEKORUM LLC publisher name appear when double-clicking on the FlashPlayer_6741_i1375671586_il280.exe file:
It’s possible to view additional information about the embedded certificate by right-clicking on the file, choosing properties and then clicking on the Digital Signatures tab. According to the certificate we can see that DOZ-DEKORUM LLC is located in Kiev in Ukraine and that the certificate is issued by Thawte Code Signing CA – G2.
The problem here is that if FlashPlayer_6741_i1375671586_il280.exe really was an installer file for Flash Player, it should have been signed by Adobe Inc. and not by some unknown company. I think this looks suspicious.
So, what does the anti-virus programs say about the DOZ-DEKORUM LLC file? No problem, I just uploaded the file to VirusTotal and it turned out that some (17%) of the anti-virus programs detects the DOZ-DEKORUM LLC file, with names such as Generic.AF5, Adware.Downware.8818 and PUP.Optional.Amonetize.
Since some of the anti-virus programs detected the DOZ-DEKORUM LLC file, I got curious and decided to test it to see what it installed. After stepping though the installer, RegClean Pro and Wajam appeared on my computer. Did you also find a file digitally signed by DOZ-DEKORUM LLC? What kind of download was it and where did you find it?
Thanks for reading.
1 thought on “DOZ-DEKORUM LLC – 17% Detection Rate at VirusTotal”
I downloaded a Program called RiotGen from hxxp://riotgiveaway.net/download-riotgen/
and it was the same Publisher DOZ-DEKORUM LLC and after the install nothing happend Just it says install finish and when i want to open the Install program again it says ERROR no File with this name are Found
Comments are closed.